Wednesday, August 5, 2015

Files with .crypt extension are encrypted by ransomware from the Ransom:Win32/Troldesh family. In case you are wondering why all your files have "CRYPT" file format and you can't open them I have bad news for you - your computer is infected with ransomware. This particular ransom virus encrypts files and inserts contact information in a file name, for example !____________DESKRYPTEDN81@GMAIL.COM.crypt or !helpfiledeskript111@gmail.com.crypt. Cyber criminals give email addresses (yours might be different) and hope that you will contact them to get further information on how to decrypt your files. Thanks to our lives virtually being played out online, cyber criminals have a whole host of people to choose from to scam, phish, extort, scare and wreak havoc upon. They also employ increasingly sophisticated methods to con us out of our data, identity and money. And the myriad of applications, files, tools and programs that we are constantly downloading means they have even more ways to infiltrate our computers.

Why you need to be aware of .crypt ransomware

It is a type of malicious software that you really need to be aware of. Unlike some malware which only has one line of attack, ransomware can have a very real and detrimental effect on you thanks to its modus operandi which is to not only cause mayhem on your computer and to your files, but also to attempt to extort money from you. So how does this ransom virus infect you and what does it actually do to you and your computer?

If you ever thought that, as a regular person, you were immune to the horrors of being kidnapped, we hate to break it to you: while you might not get bundled into the back of a van with blacked-out windows by leather-glove-clad thugs, you do stand a fair chance of being a victim of a virtual kidnapping by way of your PC.

Ransomware's MO

In a nutshell, it infects your computer, encrypts your files, appends the .crypt extension, inserts contact information into the file names, holds your files or data to ransom, and then demands a sum of money from you in exchange for their release.

What will likely happen is that while you're using your computer it will suddenly freeze and an on-screen message will appear telling you that you have been hijacked. And if that wasn't panic inducing enough, many ransomware programs also make this 'ransom note' look as if it has been sent either by your local police force or even from a government body such as the FBI. Official wording and logos will add additional authenticity dialling the fear factor up even further. So exactly WHY is the 'FBI' holding your data hostage? The warning will tell you it is because you are guilty of visiting illegal or banned websites, or viewing or downloading illicit, pirated or sensitive files or content. Once the fine has been paid the 'FBI' will unfreeze your PC. Of course, your ransom note can be completely different or the particular variant that you have on your computer may not even have a ransom note. Sometimes, an email address in a file name like DESKRYPTEDN81@GMAIL.COM.crypt is more than enough.

Obviously this would cause even the most level-headed among us to at least momentarily panic. Is it possible that you might have accidentally visited a website with dubious content? What about that TV show you downloaded – was that an illegal act? Chances are you don't want to take any risks – or perhaps you have recently looked at an x-rated website and are embarrassed. Should you just pay the fine and be done with it? Absolutely not! Unless, of course, your files are very important and you can't afford to lose them. But it's always a good idea to try a few data recovery tools before paying the ransom.

How to get my files back?

If you have a recent backup, wipe your hard disk and reinstall your files. If you don't, try the Shadow Explorer program or search your computer for previous versions of files. If you are lucky, you may find files that were not encrypted and renamed to .crypt. But before restoring your files, please remove the ransomware and related malware files from your computer. Otherwise, you will simply waste your time. If you have any questions, please leave a comment down below. Good luck and be safe online!
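A read-only triage sketch for the search described above, added here as an example (not code from the original post): it walks a folder, counts renamed versus untouched files per directory, and collects the contact addresses embedded in file names. The function names and the sample tree are constructed for illustration, and the pattern assumes the address sits directly before `.crypt`, as in the two file names quoted earlier.

```python
import os
import re
import tempfile
from collections import Counter

# An e-mail address directly before ".crypt", as in the article's two sample names.
CONTACT_RE = re.compile(
    r"([A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\.crypt$", re.I)

def classify(name):
    """Return (is_encrypted, contact_or_None) for one file name."""
    if not name.lower().endswith(".crypt"):
        return False, None
    m = CONTACT_RE.search(name)
    # Strip the padding underscores seen in the first sample name.
    return True, (m.group(1).lstrip("_.-").lower() if m else None)

def inventory(root):
    """Read-only walk: per-folder counts plus every contact address seen."""
    report, contacts = {}, Counter()
    for dirpath, _dirs, files in os.walk(root):
        results = [classify(name) for name in files]
        enc = sum(1 for is_enc, _ in results if is_enc)
        contacts.update(c for _, c in results if c)
        if results:
            report[os.path.relpath(dirpath, root)] = {
                "encrypted": enc, "untouched": len(results) - enc}
    return report, contacts

def build_sample_tree(root):
    """Constructed sample: empty files named like the article's examples."""
    layout = {
        "Documents": ["!____________DESKRYPTEDN81@GMAIL.COM.crypt", "notes.txt"],
        "Pictures": ["!helpfiledeskript111@gmail.com.crypt"],
        "Music": ["song.mp3"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        report, contacts = inventory(tmp)
        for folder, counts in sorted(report.items()):
            print(f"{folder}: {counts}")
        print("contact addresses in file names:", dict(contacts))
```

Folders that still report untouched files are the first places to look for data that survived; pass a real path to `inventory()` to scan it instead of the constructed tree.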

Step 1: Removing .crypt extension ransomware and related malware:

Before restoring your files from shadow copies, make sure the ransomware is not running. You have to remove this malware permanently. Thankfully, there are a couple of anti-malware programs that will effectively detect and remove this malware from your computer.

1. First of all, download and install the recommended anti-malware scanner. Run a full system scan and remove detected malware.

Important! If you can't download or run it, please restart your computer in Safe Mode with Networking or Safe Mode and try again.

2. Then, download ESET Online Scanner and run a second scan to make sure there is no other malware running on your computer.

That's it! Your computer should be clean now and you can safely restore your files. Proceed to Step 2.

Step 2: Restoring files encrypted by .crypt extension virus:

Method 1: The first and best method is to restore your files from a recent backup. If you have been regularly performing backups, then you should use your backups to restore your files.

2 comments:

Hi, I have been hit from ransomware virus. A variant of win32/Kryptik.DYWB. Now I have all the data file with .crypt like in your removal guide. I have no key.dat and no bitcoin address. Someone can help me? Thanks

About Me

Hi there, and welcome to my humble web presence. I'm Michael Kaur. Malware squasher, geek, and blogger based in Los Angeles, CA. If you'd like to contact me, the easiest way is through email given below or Google+. Simply add me to your Google Plus circles.

Disclaimer: This is a self-help guide. Use at your own risk. Deletemalware.blogspot.com can not be held responsible for problems that may occur by using this information.

About the blog: This blog provides reliable information about the latest computer security threats including spyware, adware, browser hijackers, Trojans and other malicious software. We do NOT host or promote any malware (malicious software). We just want to draw your attention to the latest viruses, infections and other malware-related issues. The mission of this blog is to inform people about already existing and newly discovered security threats and to provide assistance in resolving computer problems caused by malware.